Privacy Notice for Shareholders, Debenture Holders, and Directors

Logo PDPD

Privacy Notice for Shareholders, Debenture Holders, and Directors

Long Son Petrochemicals Co., Ltd respects your privacy rights. This notice explains how we process your personal data in electronic and other formats, in accordance with Vietnam’s Personal Data Protection Laws.

1. Definitions

1.1. “We” means Long Son Petrochemicals Co., Ltd.

1.2. “You” means shareholders, debenture holders, directors, and related persons (attorneys, nominees, agents, associates, spouses, parents, siblings, children, and other connected persons).

1.3. “Processing” means any act impacting personal data: collecting, recording, analyzing, confirming, storing, editing, publicizing, disclosing, combining, accessing, retrieving, encrypting, decrypting, copying, sharing, transmitting, transferring, deleting, destroying.

1.4. “Vietnam Personal Data Protection Laws” refers to laws including Decree No. 13/2023/NĐ‑CP on Personal Data Protection (as amended).

2. Purposes of Processing

2.1. We process your data for:

  1. Compliance with corporate and securities laws, including incorporation, capital changes, restructuring, and registry updates, specifically to:
    • Arrange and organize shareholders’ meetings.
    • Select and nominate directors; organize board meetings.
    • Manage rights and duties of shareholders and debenture holders.
    • Pay dividends, interest, and principal on debentures.
    • Produce, submit, and publicize accounting/legal reports.
    • Comply with laws for limited, public, and listed companies.
    • Adhere to competent authorities’ rules and orders.
  2. Perform contractual obligations: paying remuneration, assessing performance, facilitating participation.
  3. Manage our companies: hosting meetings, producing/disclosing reports, recording meeting audio/video.
  4. Disclose and publicize meeting/event documents and information.
  5. Organize events; send you news and offers.
  6. Restructure, sell, or transfer business/assets as needed.
  7. Establish or defend legal claims.
  8. Ensure your security: premises access control, epidemic management, identity verification.
  9. Protect vital interests: emergency contact, disease prevention.
  10. Perform public-interest tasks or exercise official authority.

This list is illustrative and may be updated as needed.

2.2. For purposes requiring consent, we will inform you at collection and in later sections.

3. Personal Data We Collect

We collect data directly from you and indirectly from government agencies, SCG Group companies, business partners, registrars, and trusted service providers:

3.1. Shareholders’ Data

When you subscribe to or hold our shares:

  1. Names, addresses, phones, emails, contact details
  2. Nationalities, occupations, dates of birth, tax IDs, identification numbers, passport numbers
  3. Blood types, photographs, videos, bank accounts
  4. Number of shares, signatures, genders, marital status, places of birth, religious beliefs

3.2. Directors & Committee Members’ Data

Upon nomination or appointment:

  • Nomination/Election: ID documents, names, genders, photos, ages, education, professional experience, other directorships.
  • Appointment: ID & immigration documents, personal IDs, passport numbers, DOB, nationalities, religions, birthplaces, heights, training records, attendance, marital status, connected persons, preferences, blood types, contact details, bank accounts, vehicle registrations, occupations, professional history, other directorships, meeting attendance, remuneration, securities holdings, performance, and governance-required data.

3.3. Shareholders’ Meetings Data

When you register or attend:

  1. Names, addresses, phones, emails
  2. Number of shares held, ID/passport numbers
  3. Questions you ask
  4. Images, video, audio recorded during meetings

3.4. Additional Data

3.4. We will notify you and comply with law if further data is needed.

3.5. Sensitive Personal Data

When necessary, with safeguards:

  1. Facial recognition or fingerprint data for identity verification
  2. General health data (allergies, vaccination) for events and compliance
  3. Unintentional sensitive data (e.g., religious beliefs) will be redacted or not processed
  4. May include financial and location data

3.6. If you share others’ data, you must have the right and inform them of this notice.

4. Cookies

4.1. We use cookies and similar technology per our Cookies Notice.

5. Consent, Withdrawal & Consequences

5.1. You may withdraw consent anytime; prior processing remains valid.

5.2. Withdrawal/refusal may prevent some processing.

5.3. Withdraw via the consent channels or contact us at Section 11.

5.4. Under‑16s or incapacitated persons need guardian authorization.

5.5. Consenting on others’ behalf requires legal authority.

6. Retention Period

6.1. Retain data as needed, unless law requires longer.

6.2. Delete/destroy data when no longer necessary.

6.3. If consent-based, stop processing upon withdrawal but retain for records.

7. Disclosure

7.1. Shared with:

  1. SCG Group companies (inside & outside Vietnam) as per latest report: https://scc.listedcompany.com/ar.html
  2. Other parties (dealers, logistics, postal, data processors, marketing, contractors, finance, IT, regulators, insurers, legal advisors, and others) as necessary to conduct business and meet processing purposes.

7.2. Recipients may have their own notices; please review them.

7.3. On restructuring, transfers, mergers, we may disclose data to counterparties/advisors under legal compliance.

7.4. Recipients must protect data and process only as necessary.

8. International Transfers

8.1. May transfer data to SCG or others outside Vietnam when necessary.

8.2. Data may be stored offshore; providers must ensure security.

8.3. We comply with applicable laws and ensure your rights; recipients must protect data and process only as needed.

9. Security Measures

9.1. We apply encryption, access controls, and training to protect data.

9.2. Physical, technical, and administrative safeguards with regular reviews.

9.3. Additional measures for sensitive personal data.

10. Your Rights & Obligations

10.1. You have rights to:

  1. Be informed of processing
  2. Give & withdraw consent
  3. Access & correct your data
  4. Object to marketing
  5. Request deletion/anonymization
  6. Request restriction of processing
  7. Request portability
  8. File complaints or legal claims

10.2. We will respond within a reasonable timeframe under law.

10.3. To exercise rights, contact compliance@lsp.com.

10.4. You must provide accurate data when consenting.

11. Data Controller & DPO

11.1. Data Controller: Long Son Petrochemicals Co., Ltd.

11.2. Address: Hamlet 2, Long Son commune, Vung Tau city, Ba Ria – Vung Tau province.

11.3. Contact: compliance@lsp.com.

If this notice is amended, the new version will be published on our website or other channels, effective immediately upon posting.

Power By Reddot digital co.,ltd.